SAP Cyber Threat Intelligence report – August 2018

The SAP threat landscape is always expanding, putting organizations of all sizes and industries at risk of cyber attacks. The monthly SAP Cyber Threat Intelligence report provides insight into the latest security vulnerabilities and threats.

Key takeaways

The recent patch update consists of 27 patches with the majority of them rated medium.

The most common vulnerability types are Implementation Flaw and Missing Authorization Check.

SAP Security Notes – August 2018

SAP has released the monthly critical patch update for August 2018. This patch update closes 27 SAP Security Notes (14 SAP Security Patch Day Notes and 13 Support Package Notes). 7 of the patches are updates to previously released Security Notes.

12 notes were released after the second Tuesday of the previous month and before the second Tuesday of this month.

This month, Implementation Flaw and Missing Authorization Check are the largest groups in terms of the number of vulnerabilities.

It is recommended that SAP users implement security patches as they are released, as this helps protect the SAP landscape.

Critical issues closed by SAP Security Notes in August

The following SAP Security Notes patch the most severe vulnerabilities of this update:

2655250: SAP SRM MDM Catalog has a Missing Authorization Check vulnerability (CVSS Base Score: 8.6, CVE-2018-2449). An attacker can use the vulnerability to access a service without any authorization procedures and to use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.
Install this SAP Security Note to prevent the risks.

2644154: SAP BI Launchpad Web Intelligence has an SQL Injection (SQLi) vulnerability (CVSS Base Score: 7.7, CVE-2018-2447). An attacker can use this vulnerability with the help of specially crafted SQL queries. He or she can read and modify sensitive information in a database, execute administration operations, destroy data or make it unavailable. In some cases, the attacker can access system data or execute OS commands.
Install this SAP Security Note to prevent the risks.

2614229: SAP BusinessObjects Business Intelligence platform has a Memory Corruption vulnerability (CVSS Base Score: 7.5, CVE-2015-5237). An attacker can use a buffer overflow vulnerability to inject specially crafted code into working memory, where it will be executed by the vulnerable application. Executed commands run with the same privileges as the service that executed them. This can lead to complete control of an application, denial of service, command execution, and other attacks. In the case of command execution, attackers can obtain critical technical and business-related information stored in a vulnerable SAP system or use it for privilege escalation. In the case of denial of service, it is possible to terminate a process of a vulnerable component so that nobody can use the service. As a result, this negatively affects business processes and business reputation and causes system downtime.
Install this SAP Security Note to prevent the risks.

Advisories for these SAP vulnerabilities with technical details will be available in three months on erpscan.com. Exploits for the most critical vulnerabilities are already available in ERPScan Security Monitoring Suite.